CVE-2021-3522

Summary

CVE	CVE-2021-3522
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-02 15:15:00 UTC
Updated	2022-09-28 20:02:00 UTC
Description	GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gstreamer Project	Gstreamer	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	E-series Santricity Storage Manager	-	All	All	All
Application	Netapp	E-series Santricity Web Services	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Oncommand Insight	-	All	All	All
Application	Netapp	Oncommand Workflow Automation	-	All	All	All
Application	Netapp	Santricity Unified Manager	-	All	All	All
Application	Netapp	Snapmanager	-	All	All	All
Application	Netapp	Snapmanager	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Oracle	Openjdk	8	update301	All	All

References

Reference	Source	Link	Tags
1954761 – (CVE-2021-3522) CVE-2021-3522 gstreamer-plugins-base: out-of-bounds read when handling certain ID3v2 tags	MISC	bugzilla.redhat.com
GStreamer, GStreamer Plugins: Multiple Vulnerabilities (GLSA 202208-31) — Gentoo security	GENTOO	security.gentoo.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
October 2021 Java Platform Standard Edition Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

180581 Debian Security Update for gst-plugins-base1.0 (CVE-2021-3522)
198376 Ubuntu Security Notification for GStreamer Base Plugins vulnerability (USN-4959-1)
296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
352872 Amazon Linux Security Advisory for java-11-amazon-corretto : ALAS2-2021-1718
354836 Amazon Linux Security Advisory for gstreamer1-plugins-base : ALAS2-2023-2000
375964 Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021)
376087 Azul Java Multiple Vulnerabilities Security Update October 2021
503590 Alpine Linux Security Update for gst-plugins-base
505877 Alpine Linux Security Update for gst-plugins-base
670620 EulerOS Security Update for gstreamer-plugins-base (EulerOS-SA-2021-2378)
670741 EulerOS Security Update for gstreamer-plugins-base (EulerOS-SA-2021-2499)
670841 EulerOS Security Update for gstreamer1-plugins-base (EulerOS-SA-2021-2711)
670978 EulerOS Security Update for gstreamer-plugins-base (EulerOS-SA-2021-2634)
671005 EulerOS Security Update for gstreamer-plugins-base (EulerOS-SA-2021-2583)
671043 EulerOS Security Update for gstreamer1-plugins-base (EulerOS-SA-2021-2686)
710603 Gentoo Linux GStreamer, GStreamer Plugins Multiple Vulnerabilities (GLSA 202208-31)
752768 SUSE Enterprise Linux Security Update for gstreamer-plugins-base (SUSE-SU-2022:3907-1)
752774 SUSE Enterprise Linux Security Update for gstreamer-0_10-plugins-base (SUSE-SU-2022:3916-1)
752776 SUSE Enterprise Linux Security Update for gstreamer-plugins-base (SUSE-SU-2022:3911-1)
754936 SUSE Enterprise Linux Security Update for gstreamer-plugins-base (SUSE-SU-2023:3801-1)